Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022

Posted by: Interware

The Vice Society cybercrime group has disproportionately targeted educational institutions, accounting for 33 victims in 2022 and surpassing other ransomware families like LockBit, BlackCat, BianLian, and Hive.

Other prominent industry verticals targeted include healthcare, governments, manufacturing, retail, and legal services, according to an analysis of leak site data by Palo Alto Networks Unit 42.

The cybersecurity company called Vice Society one of the "most impactful ransomware gangs of 2022."

Of the 100 organizations affected in total, 35 cases have been reported from the U.S., followed by 18 in the U.K., seven in Spain, six each in Brazil and France, four each in Germany and Italy, and three cases in Australia.

Active since May 2021, Vice Society stands apart from other ransomware crews in that it does not use a ransomware variant of its own, rather relying on pre-existing ransomware binaries such as HelloKitty and Zeppelin that are sold on underground forums.

Microsoft, which is tracking the activity under the name DEV-0832, said the group avoids deploying ransomware in some cases and carries out extortion using exfiltrated stolen data.

The operators have been seen utilising internet-facing programmes to leverage compromised credentials to gain initial network access and abusing known security holes to escalate privileges.

The incident response activities of Unit 42 reveal that the organisation spends six days in the settings of the victims and that the initial ransom sums may surpass $1 million; however, after negotiations, this price may fall by as much as 60% to $460,000.

According to Unit 42 researcher JR Gumarin, "school districts with poor cybersecurity capabilities and tight resources are frequently the most vulnerable to threat actors."

"Vice Society consistently targets the school sector, especially around the month of September, which serves as a warning that this organisation has designed its campaigns to capitalise on.

Source: Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022 — Interware (squarespace.com)